This release of the Python agent is a hotfix release to address a problem where the agent could fail to validate the SSL certificate of the New Relic collector in some environments.
For a list of known issues with the Python agent, see Status of the Python agent.
If the Python agent was used in an environment where the
certifi package was installed, the Python agent would use the
certifi CA certificates bundle to validate the certificate of the New Relic collector. However, the latest release of
certifi (November 20, 2015) removed some older CA certificates with 1024-bit keys.
The SSL certificate for the New Relic collector is cross-signed with both a 1024-bit certificate and a 2048-bit certificate, but in some circumstances, the stronger root certificate was not used for validation. When the 1024-bit certificate was no longer included in the
certifi bundle, SSL validation would fail. Affected customers would see warnings in their agent log stating "Data collector is not contactable" due to an
To address this issue, the agent no longer uses the
certifi CA certificates bundle, nor the certificates bundled with
requests. Instead, it only uses the CA bundle included with the agent to validate the New Relic collector certificate.